[FFmpeg-devel] [RFC] ignore invalid user-supplied width/height

Michael Niedermayer michaelni
Thu Sep 2 21:44:43 CEST 2010


On Thu, Sep 02, 2010 at 09:14:04PM +0200, Reimar D?ffinger wrote:
> On Thu, Sep 02, 2010 at 11:04:22AM +0200, Michael Niedermayer wrote:
> > On Tue, Aug 31, 2010 at 09:49:33PM +0200, Reimar D?ffinger wrote:
> > > most video codecs will figure out a width/height themselves or fail
> > > if they can't.
> > > So IMO it is better not to fail for invalid values in avcodec_open but
> > > instead just ignore the values by using the "default" of 0.
> > > Otherwise applications would have to manually check the values with
> > > av_check_image_size if they want the video to remain playable even
> > > if the container values were corrupted.
> > > Any objections?
> > 
> > yes, this change will leave invalid values in width/height and has a
> > good chance that this may be exploitable with some decoder
> 
> Yes, that was quite silly.
> Any other comment?

diff with -p next time please :)               
and avcodec_set_dimensions(0,0) could be used and maybe that can be simplified
with the surrounding code, would have to see it first to be sure if so ...

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The real ebay dictionary, page 1
"Used only once"    - "Some unspecified defect prevented a second use"
"In good condition" - "Can be repaird by experienced expert"
"As is" - "You wouldnt want it even if you were payed for it, if you knew ..."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100902/023eee05/attachment.pgp>



More information about the ffmpeg-devel mailing list